[Webkit-unassigned] [Bug 286905] New: [Win] "std::span::operator[]" raises "span index out of range" error in ComplexTextController::adjustGlyphsAndAdvances for fast/text/word-break-letter-spacing-utf16-surrogates.html
bugzilla-daemon at webkit.org
Sun Feb 2 21:17:44 PST 2025
https://bugs.webkit.org/show_bug.cgi?id=286905
Bug ID: 286905
Summary: [Win] "std::span::operator[]" raises "span index out of range" error in ComplexTextController::adjustGlyphsAndAdvances for fast/text/word-break-letter-spacing-utf16-surrogates.html
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: New Bugs
Assignee: webkit-unassigned at lists.webkit.org
Reporter: Hironori.Fujii at sony.com
This patch changed the Windows Debug build to use the Debug CRT.
https://github.com/WebKit/WebKit/commit/f60c50cc4705a69df96dcd29e47d2ea4927b6d5e
With this patch, Windows Debug builds crash for fast/text/word-break-letter-spacing-utf16-surrogates.html.
> Program: C:\webkit\wb\webkitbuild\debug\bin\WebCore.dll
> File: C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.42.34433\include\span
> Line: 454
>
> Expression: span index out of range
Callstack:
WebCore!std::span<const char16_t,18446744073709551615>::operator[]+0x70
WebCore!WebCore::ComplexTextController::adjustGlyphsAndAdvances+0x8fa
WebCore!WebCore::ComplexTextController::finishConstruction+0x2d
WebCore!WebCore::ComplexTextController::ComplexTextController+0x206
WebCore!WebCore::FontCascade::widthForComplexText+0x6a
WebCore!WebCore::FontCascade::width+0x2cd
WebCore!WebCore::Layout::TextUtil::width+0x512
WebCore!WebCore::Layout::TextUtil::width+0x341
WebCore!WebCore::Layout::InlineItemsBuilder::computeContentAttributesAndInlineTextItemWidths+0x39a
WebCore!WebCore::Layout::InlineItemsBuilder::build+0x146
WebCore!WebCore::Layout::InlineFormattingContext::rebuildInlineItemListIfNeeded+0x118
WebCore!WebCore::Layout::InlineFormattingContext::layout+0x70
WebCore!WebCore::LayoutIntegration::LineLayout::layout+0x2b3
WebCore!WebCore::RenderBlockFlow::layoutInlineContent+0x60f
WebCore!WebCore::RenderBlockFlow::layoutInlineChildren+0x62
WebCore!WebCore::RenderBlockFlow::layoutInFlowChildren+0x1dd
WebCore!WebCore::RenderBlockFlow::layoutBlock+0x4ba
WebCore!WebCore::RenderBlock::layout+0x5e
WebCore!WebCore::RenderBlockFlow::layoutBlockChild+0x35b
WebCore!WebCore::RenderBlockFlow::layoutBlockChildren+0x399
WebCore!WebCore::RenderBlockFlow::layoutInFlowChildren+0x239
WebCore!WebCore::RenderBlockFlow::layoutBlock+0x4ba
WebCore!WebCore::RenderBlock::layout+0x5e
WebCore!WebCore::RenderBlockFlow::layoutBlockChild+0x35b
WebCore!WebCore::RenderBlockFlow::layoutBlockChildren+0x399
WebCore!WebCore::RenderBlockFlow::layoutInFlowChildren+0x239
WebCore!WebCore::RenderBlockFlow::layoutBlock+0x4ba
WebCore!WebCore::RenderBlock::layout+0x5e
WebCore!WebCore::RenderBlockFlow::layoutBlockChild+0x35b
WebCore!WebCore::RenderBlockFlow::layoutBlockChildren+0x399
WebCore!WebCore::RenderBlockFlow::layoutInFlowChildren+0x239
WebCore!WebCore::RenderBlockFlow::layoutBlock+0x4ba
WebCore!WebCore::RenderBlock::layout+0x5e
WebCore!WebCore::RenderView::layout+0x444
WebCore!WebCore::LocalFrameViewLayoutContext::performLayout+0xa95
WebCore!WebCore::LocalFrameViewLayoutContext::layout+0x18a
WebCore!WebCore::Document::implicitClose+0x539
WebCore!WebCore::FrameLoader::checkCallImplicitClose+0xc8
WebCore!WebCore::FrameLoader::checkCompleted+0x20a
WebCore!WebCore::FrameLoader::finishedParsing+0x11f
WebCore!WebCore::Document::finishedParsing+0x3c8
WebCore!WebCore::HTMLConstructionSite::finishedParsing+0x39
WebCore!WebCore::HTMLTreeBuilder::finished+0x10f
WebCore!WebCore::HTMLDocumentParser::end+0x102
WebCore!WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd+0x127
WebCore!WebCore::HTMLDocumentParser::prepareToStopParsing+0x149
WebCore!WebCore::HTMLDocumentParser::attemptToEnd+0x36
WebCore!WebCore::HTMLDocumentParser::finish+0x3e
WebCore!WebCore::DocumentWriter::end+0x1bf
WebCore!WebCore::DocumentLoader::finishedLoading+0x332
WebCore!WebCore::DocumentLoader::notifyFinished+0x241
WebCore!WebCore::CachedResource::checkNotify+0x90
WebCore!WebCore::CachedResource::finishLoading+0x44
WebCore!WebCore::CachedRawResource::finishLoading+0x172
WebCore!WebCore::SubresourceLoader::didFinishLoading+0x4bd
WebKit2!WebKit::WebResourceLoader::didFinishResourceLoad+0x22b
WebKit2!IPC::callMemberFunction<WebKit::WebResourceLoader,WebKit::WebResourceLoader,void (WebCore::NetworkLoadMetrics &&),std::tuple<WebCore::NetworkLoadMetrics> >::<lambda_1>::operator()<WebCore::NetworkLoadMetrics>+0x30
WebKit2!std::invoke<`lambda at C:\webkit\wb\Source\WebKit\Platform\IPC\HandleMessage.h:132:9',WebCore::NetworkLoadMetrics>+0x1d
WebKit2!std::_Apply_impl<`lambda at C:\webkit\wb\Source\WebKit\Platform\IPC\HandleMessage.h:132:9',std::tuple<WebCore::NetworkLoadMetrics>,0>+0x2a
WebKit2!std::apply<`lambda at C:\webkit\wb\Source\WebKit\Platform\IPC\HandleMessage.h:132:9',std::tuple<WebCore::NetworkLoadMetrics> >+0x22
WebKit2!IPC::callMemberFunction<WebKit::WebResourceLoader,WebKit::WebResourceLoader,void (WebCore::NetworkLoadMetrics &&),std::tuple<WebCore::NetworkLoadMetrics> >+0x4f
WebKit2!IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad,IPC::Connection,WebKit::WebResourceLoader,WebKit::WebResourceLoader,void (WebCore::NetworkLoadMetrics &&)>+0xd0
WebKit2!WebKit::WebResourceLoader::didReceiveMessage+0x28a
WebKit2!WebKit::NetworkProcessConnection::dispatchMessage+0xcf
WebKit2!WebKit::NetworkProcessConnection::didReceiveMessage+0x3d7
WebKit2!IPC::Connection::dispatchMessage+0x189
WebKit2!IPC::Connection::dispatchMessage+0x253